TL; DR: Is it possible (and if so, desirable) to configure my OPNsense router to handle non-standard traffic instead of needing to configure each client device manually? Examples of what I mean by ‘non-standard traffic’ include Handshake, I2P, ZeroNet, and Tor.
Sorry, I should clarify. I’m hoping to possibly have a setup like this:
- Browser makes a request to an eepsite
- The router sees the request is to a domain ending in
.i2p
and forwards the request to a service running on the router - That service then performs the necessary encryption and establishes connection with the I2P network.
I’d imagine it’s a similar process for other protocols and networks. No idea if this is possible or desirable.
https://www.grepular.com/Transparent_Access_to_I2P_eepSites
Something like this makes logical sense, but can’t say I’ve ever tried such a feat. As a general rule though keeping the gateway/firewall free of extraneous software is a good practice just to limit the potential attack surface. If you try it I’d create a dedicated VM somewhere to host the i2p/Tor gateway from to keep it off the network edge directly.